Back to all jobs

Mandiant – Senior Incident Response Remediation Consultant


Sep 24

Company Description

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. Learn more about FireEye's world-class solutions and global footprint at

Job Description

Do you want to be part of a team of security consultants investigating, remediating and recovering from computer crimes and breaches that make the headlines – and many more that don’t? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and recover/prevent compromises?

FireEye Mandiant Security Transformation Services helps organizations build an effective security operations program that minimizes organizational risk and reduces the impact of security breaches. With a targeted focus in hybrid cloud architectures, our consultants work from initial assessment and configuration review of security controls, to detailed technical recommendations that can be practically implemented to harden hybrid cloud environments, enhance visibility and detection, and improve processes to reduce the risk of compromise.

Mandiant seeks Incident Remediation and Recovery Consultants with strong technical skills and an eagerness to lead projects and work with our clients. Candidates will need to apply their Active Directory, network architecture, security hardening, and logging enforcement skills to assist clients with containment, remediation and recovery workstreams. Our consultants must be comfortable working in teams to tackle challenging projects, communicating with clients, providing hands-on assistance with containment and remediation activities, and creating and presenting high-quality deliverables.

What You Will Do

  • Conduct Incident containment, remediation and recovery engagements for clients
  • Assess environments that have suffered a cyber incident, document detailed remediation/recovery/eradication execution guides and tracking documents and support the execution of a coordinated remediation event
  • Design and assist clients with network and identity architecture enhancements and configuration modifications to defend against identified threats and attacker techniques
  • Recommend and document specific counter-measures and mitigating controls
  • Articulate FireEye & Mandiant’s combined capabilities in marketing discussions, proposal efforts, and capability briefings
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Effectively communicate remediation strategies and workstreams to client stakeholders including technical staff, executive leadership, and legal counsel
  • Work with our sales team and clients to scope engagements, draft contracts, and deliver services
  • Identify, market, and develop new business opportunities
  • Supervise, coach, and develop staff
  • Improve Mandiant’s business processes and methodologies



The successful candidate will have 8+ years’ experience in technical delivery consulting and/or information security and additionally be able to demonstrate a strong proficiency in three or more of the following areas:

  • Prior experience as a lead system administrator or network engineer in an enterprise environment
  • Thorough understanding of enterprise security controls in Active Directory / Windows environments
  • Active Directory Trusts and Architectures
  • Privileged Access Management best practices
  • Windows and Unix endpoint hardening and security control enforcement
  • Expertise in enforcing application allow listing and host-based restrictions
  • Implementation and enforcement of technologies such as Credential Guard and Device Guard
  • Understanding of enterprise networking and knowledge of network segmentation strategies
  • Implementation and management of both network and host-based firewall configurations
  • Implementing logging configurations for network devices and Windows and Unix endpoints
  • PowerShell scripting
  • Experience with designing and implementing Microsoft Azure Active Directory and/or Office 365 collaboration suite of services
  • Experience with designing and implementing Amazon Web Services and/or Google Cloud Platform
  • Knowledge of industry security standards, policies and governance frameworks

Additional Qualifications: 

  • Must be eligible work in EU member states, or Swiss or UK  without sponsorship
  • Prior training and public speaking engagement experience
  • Ability to lead a team of highly technical security professionals
  • Willingness to travel